CVE-2011-4953

Publication date 27 October 2014

Last updated 24 July 2024


Ubuntu priority

The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
cobbler 13.04 raring
Fixed 2.2.2-0ubuntu1
12.10 quantal
Fixed 2.2.2-0ubuntu1
12.04 LTS precise
Fixed 2.2.2-0ubuntu1
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release